HackMyVm Talk Walkthrough

Easy one, can be download here.

Following is a very simple walkthrough.


Scan ports, find 22 and 80.

Open Port 80, a chat service.

图片.png


Username has sql injection. So  burpsuite capture the post data, and use sqlmap to dump databases.(User temp is registered by me.)

图片.png


Ssh login with this username and password. But the username:password pair is in different order.

After ssh in, find five users in /home folder. Su to nona.

图片.png


Sudo -l, user nano can run lynx.

图片.png


Run lynx, open file:///root, read the root flag.

图片.png

发表评论:

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

«    2022年12月    »
1234
567891011
12131415161718
19202122232425
262728293031
网站分类
搜索
最新留言
文章归档
网站收藏
  • 订阅本站的 RSS 2.0 新闻聚合

Powered By Z-BlogPHP 1.7.2